Mitel Product Security Advisory 20-0008
Mitel MiCollab Multiple Security Vulnerabilities
Advisory ID: 20-0008
Publish Date: 2020-06-25
Last Updated: 2020-06-25
Revision: 1.0
Summary
The SAS portal of Mitel MiCollab could allow an attacker to access user data by performing a header injection in HTTP responses due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.
The Mitel MiCollab iOS application could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device and, if successful, could allow an attacker to gain access to sensitive information.
These vulnerabilities were privately reported.
Mitel recommends that customers with affected product versions update to the latest release.
Affected Products
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
MiCollab | MiCollab 9.1.2.x and earlier | 20-0008-001 | 2020-06-25 |
MiCollab iOS application | MiCollab iOS version 9.1.313 and earlier | 20-0008-002 | 2020-06-25 |
Risk Assessment
The risk for this vulnerability is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
External References
N/A
Related CVEs / CWEs / Advisories
CVE-2020-13863
CVE-2020-13767
Revision History
Version | Date | Description |
---|---|---|
1.0 | 2020-06-25 | Initial version |